[openssl-users] FIPS: Using FIPS_post_set_callback() to capture all errors

jonetsu jonetsu at teksavvy.com
Fri Apr 10 18:10:28 UTC 2015


From fips_test_suite.c, does the use of FIPS_POST_FAIL cover
all types of FIPS errors?

While FIPS_POST_FAIL would be about POST failures, what would the
corruption referred to by FIPS_POST_CORRUPT be?  Is it likely to be
encountered in a production environment?

When a FIPS_POST_FAIL is encountered, the test_suite returns a 1.
A 0 is returned when an expected failure occurs in
FIPS_POST_CORRUPT, otherwise a 1.  Is this behaviour of returning
1 when an error is encountered only a test suite practice, or
should it also be used in production?  E.g. will the return value
influence the behavior of OpenSSL when an error happens (e.g. not
allowing any crypto from then on)?


